3 Replies Latest reply: Mar 26, 2014 4:02 PM by user777 RSS

    Increased SPAM after MEG 7.5 install



      We recently migrated from Ironmail 6.7.2 to MEG 7.5. Since the installation, our users are complaining of an increase in SPAM. I am aware that the global spam volume has increased. Looking at the message search, it appears that the illicit messages in question are getting delivered until they reach a count of 100. At that time, MEG begins to categorize the next messages that come from that sender / subject / IP as SPAM. I am trying to determine how to lower that "Allowed threshold" of 100 "questionable" messages delivered.

      Does anyuone have any suggestions? I may be overlooking a simple setting.


        • 1. Re: Increased SPAM after MEG 7.5 install

          I am not aware of any threshold in the MEG appliance which would allow 100 "questionable" messages to get through, but then block any more from the same sender.  There are some settings which will allow you to block messages based upon a maximum number of recipients for one message, but that's not a commonly configured setting.


          I would definitely recommend giving us a call and discussing this with Support.  There may be a settings misconfiguration or something else which we need to assist you to fix.  Another possibility is that there is a problem with the spam rules, in which case we would need to get message data to our spam team. 


          If you haven't already, I would recommend reviewing KB59415 and the Spam Configuration blog post on the MEG blogs above, as these will help with submitting spam false positives and negatives to our spam team.



          • 2. Re: Increased SPAM after MEG 7.5 install

            We also recently went from IronMail 6.7.2 to MEG 7.5.  I have numerous users complaining that they used to receive 1 or 2 SPAM messages a week.  They are now receiving 10 - 15 a day.  I've already downloaded the McAfee Customer Submission tool and have been submitting the samples for almost a week.  I've also lowered our spam threshold to 4 for the default policy.  At this point, I guess I'm going to have to call support.

            • 3. Re: Increased SPAM after MEG 7.5 install

              I just received the following email from McAfee that seems to indicate the cause for the increased SPAM that we've been seeing over the last couple of weeks.


              From: McAfee SNS [mailto:sns@snssecure.mcafee.com]
              Sent: Wednesday, March 26, 2014 3:36 PM
              Subject: McAfee SNS Notice: Messaging Reputation Server *UPDATE*


              Restoration of the Messaging Reputation server and database used for spam filtering will be completed on schedule next week.

              McAfee expects a return to normal operating parameters. Tuning enhancements will continue and customers should expect to see incremental improvements over the following 7 days. Additionally, McAfee will increase spam protection and system reliability over the next three months, resulting in additional improvements.


              Previously Announced via SNS (10 March 2014)

              The McAfee GTI Messaging Reputation database server experienced a hardware failure and impact to the database. Because McAfee was unable to provide updated messaging reputation data to these products, existing reputation data grew stale over time, resulting in more spam getting through to mailboxes.

              Products utilizing anti-spam technology were impacted:

              • IronMail (McAfee E-Mail Gateway [MEG] 6.x)
              • E-mail Gateway (MEG 7.x)
              • Firewall Enterprise (All versions)
              • E-mail and Web Security Gateway (All versions)
              • SaaS E-Mail Protection
              • Security for Microsoft Exchange (formerly GroupShield)
              • TrustedSource.com Website
              • Security Center